
New Microsoft law enforcement tool bypasses PC security

Digital forensics is still a relatively new addition to the field of law …

Microsoft revealed its development of a digital forensic analysis toolkit at a security conference yesterday as part of a wider discussion of how technology can be used to fight crime. The Computer Online Forensic Evidence Extractor, or COFEE for short, is a USB thumb drive that contains software capable of executing approximately 150 separate commands. Once plugged in, COFEE can be ordered to decrypt system passwords, display a history of internet activity, and search the system for evidence.

Details on precisely what the device can do have been kept vague, probably on purpose, but the Seattle Times reports that Microsoft has been distributing the devices to law enforcement agencies around the world since last June. Currently, about 2,000 people in 15 countries worldwide have access to the devices, which allow police to gather data immediately onsite, thus avoiding the wait involved in offsite analysis. COFEE also allows law enforcement to snapshot any data that might be lost when a system is shut down for seizure and transport.

The larger idea behind the development of COFEE is to make it harder for criminal elements to hide behind the anonymity of the Internet. The rapid growth of websites like MySpace, Twitter, and other social networking sites is not without consequences. Microsoft General Counsel Brad Smith used the rapid urban population growth in the 19th century to illustrate how COFEE is supposed to work. Just as more densely packed cities led to an increase in urban crime, digital population growth today creates the same nooks and crannies for the seedier elements of a society. Microsoft's goal in partnering with various law enforcement agencies is to give police officers more effective tools for peering into such dark spaces, hopefully preventing predatory attacks before they begin.

On a practical level, COFEE may also take some of the strain off over-burdened digital analysis labs. Many police departments in the US lack the equipment and training to do their own analyses onsite, which leaves them no choice but to ship equipment to the relative handful of groups capable of performing the task. COFEE doesn't take the place of a thorough system search, but it does give officers a chance to gather preliminary information on what is or isn't on the system and prioritize accordingly. For now, Microsoft is making COFEE available for free, but the company has not stated whether or not it intends to commercialize the product at some point in the future.